3. Snort - VPN - P2P-ruleset

Snort - VPN - P2P-ruleset

  • ?

    Hi everybody!

    I experienced with pfSense 2.1 and snort (different versions installed since NOV-2013) an issue with VPN tunnels (from pfSense to pfSense, a total of 3 appliances).  After 2-3 min of heavy load (ftp, samba) on the tunnel (IPsec or openVPN, doesn't matter which), the connection broke and the tunnel was gone.

    I tried several things, changed tunnel from initial IPsec to openVPN etc. pp. but finally and in the end I found that the tunnels were killed by funny little snort, P2P ruleset, several rules around eMule. After turning off this ruleset, the tunnels work fine and never ever again broke under load.

    Has anybody else experienced this before or has an explanation for this bug/feature?

    Kind regards!

    0
  • X

    Yep, happened to me. Well the vpn wasn't blocked because I have the remote host added to the $home_net, but it was triggering an alert.

    1:2003310 ET P2P Edonkey Publicize File

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy